On Thu, Feb 08, 2024 at 02:53:45PM +0100, Oleg Nesterov wrote: > On 02/08, Christian Brauner wrote: > > > > On Wed, Feb 07, 2024 at 12:45:49PM +0100, Oleg Nesterov wrote: > > > + type = (f.file->f_flags & PIDFD_THREAD) ? PIDTYPE_PID : PIDTYPE_TGID; > > > + ret = kill_pid_info_type(sig, &kinfo, pid, type); > > > > If the user doesn't provide siginfo then the kernel fills in the info in > > prepare_kill_siginfo() a few lines above. That sets info->si_code to > > SI_USER even for the PIDFD_THREAD case. Whenever the info is filled in > > by the kernel it's not exactly userspace impersonating anything plus we > > know that what we're sending to is a pidfd by the type of the pidfd. So > > it feels like we should fill in SI_TKILL here as well? > > Hmm. Agreed, will do, thanks. > > But then I think this needs another preparational 1/2 patch. > prepare_kill_siginfo() should have a new arg so that do_tkill() could > use it too. Agreed. > > (offtopic, but may be the "Only allow sending arbitrary signals to yourself" > check in pidfd_send_signal() needs another helper, do_rt_sigqueueinfo() > does the same check). Agreed.